E-Passport

The electronic passport with biometrics identifier has been recognised as the new standard for Machine Readable Travel Document (MRTD).  The International Civil Aviation Organisation (ICAO) has adopted e-passport technology as set down in Document 9303 Sixth Edition Part 1 Volume 2. The e-passport data can be authenticated through Public Key Infrastructure (PKI) method in a mandatory process defined as Passive Authentication


Document Security Object (SOD)

The Document Security Object (SOD), which is digital signature of the contents of the MRTD generated by the issuance agency, is stored within the MRTD. It is very important that the Document Security Object (SOD) of the MRTD is authenticated to prove that the Logical Data Structure (LDS) is authentic and unaltered.


Electronic Passport

Personalization systems must have the capability to generate the SOD for encoding into the MRTD in accordance with the requirements of the passport issuing agency.On the other hand, border control systems must have the capability to decode the SOD found on foreign passports that have been signed using any combination of known PKI algorithms.


Document Security Object (SOD) SDK

For this, MCS has developed an SDK comprising a library for Java application and Java Native Interface (JNI) exported services which ensure complete portability across all platforms. Encoding and decoding SOD which is compliant with ICAO PKI V1.1 specification is possible with this native programming interface. This allows system integrator to write border control verification application written in other languages, such as C++, from different platforms to easily adopt the security requirements set by ICAO. This API can be implemented on:

  • Microsoft® Windows XP Professional
  • Microsoft® Windows 2000

This API provide functions to create the SOD according to PKCS#7 SignedData Type format and sign the content of LDS Security Object containing the hashes of the LDS data groups. The following signature algorithms are supported:

  • SHA1_RSA PKCS1_v15/PSS 
  • SHA256_RSA PKCS1_v15/PSS
  • SHA384_RSA PKCS1_v15/PSS
  • SHA512_RSA PKCS1_v15/PSS
  • SHA224_RSA PKCS1_v15
  • SHA1_DSA
  • SHA1_ECDSA

The SOD SDK is available now. Please contact us for more information.